[Exim] Exim and W32/Klez.eml virus

Página Inicial
Delete this message
Reply to this message
Autor: Ganbold
Data:  
Para: exim-users
Assunto: [Exim] Exim and W32/Klez.eml virus
Hi

I'm having problem with exiscan when checking Klez macro virus. It says
"2003-02-26 11:36:46 18nsMU-0006xv-00 exiscan: warning: error parsing
returned output".

Exiscan config in Exim config.
----------------------------------------------------------------------------------------------------------------

# Exiscan options
exiscan_condition = ${if or {{eq{$received_protocol}{esmtp}} \
{eq{$received_protocol}{asmtp}} \
{eq{$received_protocol}{smtp}}} \
{1}{0} }
exiscan_timeout = 5m
exiscan_crypt_salt = fo
exiscan_av_condition = 1
exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /usr/local/uvscan/uvscan
exiscan_av_scanner_options = --secure -rv --summary --noboot |
exiscan_av_action = reject
exiscan_av_scanner_regexp_trigger = Found
exiscan_av_scanner_regexp_description = Found[: ] (.+)$


Following is the part of log file.
********************************************************************************************************

2003-02-26 11:36:46 18nsMU-0006xv-00 exiscan: warning: error parsing
returned output
Scanning /var/spool/exim/scan/18nsMU-0006xv-00/*
Scanning file /var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
/var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
         Found the W32/Klez.eml virus !!!


Summary report on /var/spool/exim/scan/18nsMU-0006xv-00/*
File(s)
         Total files: ...........       1
         Clean: .................       0
         Possibly Infected: .....       1
Thank you for choosing to evaluate VirusScan from Network Associates.
This  version of the software is for Evaluation Purposes Only and may be
used  for  up to 30 days to determine if it meets your requirements.  To
license  the  software,  or to  obtain  assistance during the evaluation
process,  please call (408) 988-3832.  If you  choose not to license the
software,  you  need  to remove it from your system.  All  use  of  this
software is conditioned upon compliance with the license terms set forth
in the README.TXT file.


2003-02-26 11:36:46 18nsMU-0006xv-00 temporarily rejected by exiscan():
Temporary local problem (error parsing returned output)